Mailinglist Archive: opensuse-security (256 mails)

iptables and syslog
  • From: Ashley Gould <agould@xxxxxxxx>
  • Date: Thu, 3 Feb 2005 19:21:22 -0800
  • Message-id: <20050204032122.GG17491@xxxxxxxx>
Hi list,

I've set up SuSEfirewall2 on my webserver to log all connections. It is very
noisy in the logs. Fine. I expected that. What I didn't expect is syslog
writing kernel messages to 3 log files. All the iptables entries are
triplicated in /var/log/messages|warn|kernel. Much more noise than I bargained
for. My 5GB /var partition is not up to it.

So I reset SuSEfirewall2 to log only "critical" connections. It seems I still
get just as much log activity as before (but perhaps not to all 3 logs?).


My questions are,

first, what does SuSEfirewall2 consider as "critical" connections?

and second, how can I get syslog to write these messages into just one
log file?


from /etc/syslog:
kern.* /var/log/kernel
*.=warning;*.=err -/var/log/warn
*.crit /var/log/warn
*.*;mail.none;news.none -/var/log/messages

from /etc/sysconfig/SuSEfirewall2:
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"







--

-ashley

Did you try poking at it with a stick?
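
The triplication described in the post, as an added example that is not part of the original message: a simplified model of sysklogd-style selector matching, run over the four rules quoted above. It assumes the firewall's log lines arrive with facility kern and priority warning; the ADJUSTED rule set with kern.none is a constructed variant, not something from the post.

```python
# Added example: simplified sysklogd-style selector evaluation (assumed semantics).
PRIOS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALL = 0xFF

def selector_mask(field, facility):
    """Return the priority bitmask one selector field yields for a facility."""
    mask = 0
    for sel in field.split(";"):          # selectors apply left to right
        facs, prio = sel.split(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        negate = prio.startswith("!")
        prio = prio.lstrip("!")
        single = prio.startswith("=")
        prio = prio.lstrip("=")
        if prio == "none":                # facility.none clears earlier matches
            mask = 0
            continue
        if prio == "*":
            bits = ALL
        elif single:                      # "=warning": exactly that priority
            bits = 1 << PRIOS.index(prio)
        else:                             # "crit": that priority and more severe
            bits = (1 << (PRIOS.index(prio) + 1)) - 1
        mask = mask & ~bits if negate else mask | bits
    return mask

def destinations(rules, facility, prio):
    """List the files that would receive a message of facility.prio."""
    bit = 1 << PRIOS.index(prio)
    return [dest.lstrip("-") for field, dest in rules
            if selector_mask(field, facility) & bit]

# Rules as quoted in the post.
POSTED = [("kern.*", "/var/log/kernel"),
          ("*.=warning;*.=err", "-/var/log/warn"),
          ("*.crit", "/var/log/warn"),
          ("*.*;mail.none;news.none", "-/var/log/messages")]

# Constructed variant (assumption): exclude kern from the catch-all files.
ADJUSTED = [("kern.*", "/var/log/kernel"),
            ("*.=warning;*.=err;kern.none", "-/var/log/warn"),
            ("*.crit;kern.none", "/var/log/warn"),
            ("*.*;mail.none;news.none;kern.none", "-/var/log/messages")]

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("adjusted", ADJUSTED)):
        print(name, destinations(rules, "kern", "warning"))
```

In the constructed variant, kernel messages of every priority go only to /var/log/kernel, so that file has to be watched for kernel errors that previously also showed up in /var/log/warn.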

